1. Field of the Invention
The invention relates generally to providing security for communications between components in a virtualization enabled platform. More particularly, in embodiments of the invention, a virtual machine monitor exchanges data between a communication page of a first component and a communication page of a second component.
2. Background Art
The integrity of a virtualization enabled platform may be compromised when security threats exploit communication mechanisms between various components of the platform. These components are subject to complex and evolving attacks by malware seeking to gain control of computer systems. Such attacks can take on a variety of different forms ranging from attempts to crash a software program to subversion of the program for alternate purposes. Additionally, programs are subject to operating system failures and bugs within other programs that can cause corruption of unrelated programs running in the same linear address space.
For example, in current models of end-point access control, a software component of a platform supporting one or more virtual machines may check the status of other software components on the platform and report that status to a policy server making access control decisions. This status checking occurs by communication between the checked component and the monitoring software component on the platform. If the communication between these components is not protected, this system is inherently insecure and the status information cannot be trusted.